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(54) Process executing method and resource accessing method in computer system 



(57) A process executing method capable of per- 
forming multiprocessing by using a shared resource 
(608) without impairing periodical drivability of proc- 
esses designed for executing continuous media 
processing. When a process requests the use of the 
shared resource, abortion of that process is first disa- 
bled by the process itself by using an abort disable func- 
tion (21) and then preemption of the same process Is 
disabled by means of a preempt control module (30), 
whereupon the process enters a processing executed 
by using the shared resource (608). Upon completion of 
the processing for the shared resource (608). the proc- 
ess Is immediately set to a preempt-enabled state by 
means of a preempt control module (30). After comple- 
tion of all the processings, the abort-disabled state is 
finally cleared by using a disabled-abort clear function 
(22). Upon occurrence of forcive termination of a proc- 
ess in the abort-disabled state thereof, execution of this 
process is continued until the abort-disabled state is 
cleared, and the process is terminated fordbly after the 
abort-disabled state has been cleared. 
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Description 

BACKGROUND OF THE INVENTION 

The present invention relates to a method of exe- 5 
cuting processes in an operating system controlling a 
conrtputer system and a method of accessing a resource 
in the computer system. More particularly, the invention 
is concerned with a method of executing processes by 
using a shared resource in an operating system provid- io 
ing a multiprocessor or multiprocessing environment. 

In the operating system capable of providing the 
multiprocessing environment for executing a plurality of 
processes (or tasks) in parallel on a time-division basis, 
it is required to execute the processes while performing is 
mutual exclusive control or management so that the 
resource shared among the processes is not simultane- 
ously allocated to a plurality of processes. As a means 
for realizing such mutual exclusive management, there 
is known and widely adopted in the operating system 20 
(OS) a procedure referred to as "lock control". 

In the lock control, a flag Indicating that a corre- 
sponding shared resource Is being used is set for each 
of the shared resources. When one of the processes Is 
going to perform a processing by using a given one of 25 
the shared resources, it is checked whether the flag cor- 
responding to this shared resource is set by any other 
process. Unless the flag is set by the other process, the 
given one process can use exclusively the shared 
resource while setting the flag indicating that the 30 
resource is occupied. This operation is typically referred 
to as "lock or locking" of the shared resource. Upon 
completion of the processing for the shared resource, 
the process releases the shared resource while reset- 
ting the flag. This operation Is referred to as "unlock or 35 
unlocking" of the shared resource. On the other hand, 
when the flag corresponding to the shared resource to 
be used Is set by any other process, the operating sys- 
tem sets the one process requesting the use of this 
resource to the waiting or standby state until that shared 40 
resource has been unlocked. 

At this juncture, let's assume that a process 1 of low 
priority and a process 2 of high priority are executed in 
parallel and that an shared resource A Is shared availa- 
bly by these two processes. On this assumption, it is fur- 45 
ther supposed that the process 1 of low priority has 
locked the shared resource A In the course of using a 
CPU (central processing unit) and that the shared 
resource A has entered into a suspended state with the 
lock being left validated. In that case, the process 2 of so 
high priority assigned with the right for using the CPU in 
succession to the process 1 can not use the shared 
resource A, because the resource has been locked by 
the process 1 of low priority. As a consequence, execu- 
tion In succession becomes Impossible. ss 

The problem that the process of high priority is 
Inhibited from execution in succession because of the 
lock secured by the process of low priority is referred to 



as the priority Inversion problem. Concerning this prior- 
ity inversion problem, reference may be made to "PRI- 
ORITY INHERITANCE PROTOCOLS: AN APPROACH 
TO REAL-TIME SYNCHRONIZATION" In IEEE 
TRANSACTIONS ON COMPUTERS, Vol, 39. No. 9, 
September 1990, pp. 1175-1185. In the conventional 
operating system known heretofore, when the priority 
Inversion takes place, the dormant process of low prior- 
ity acquired and locked the shared resource is executed 
with the topmost priority in order to unlock the shared 
resource so that the process of high priority can be exe- 
cuted as early as possible. 

On the other hand, the operating system providing 
the multiprocessing environment is imparted with a 
function for protecting the resource allocated to a given 
process against the illegal access attempted by any 
other process. This function is referred to as the access 
right control or manage function. The access right con- 
trol or management now under consideration is based 
on the presumption that the access right can be set on 
a process-by-process basis and that a plurality of proc- 
esses may simultaneously try to access a computer 
resource. An interface for allowing a user application to 
call the functions of the operating system is ordinarily 
provided and known as "system cair. In this conjunc- 
tion, It Is noted that when a pointer is used as an argu- 
ment of the system call, designation of an illegal 
address by the user application may unfavorably lead to 
destruction of important data resident in the operating 
system. To avoid such unwanted situation, an Identifier 
is used as the argument In place of the pointer in typical 
one of the access right control or management. 

In the case of the access right control method in 
which the Identifier is used as the argument in the sys- 
tem call issued by the user application, the operating 
system is required to translate the identifier to an 
address in the resource for making access to the 
resource. In this context, the simplest one of the transla- 
tion methods is a method in which the hash function is 
employed. According to this method, an Identifier is 
placed In or assigned to the hash function as a key. 
whereon the hash value as obtained is used as the 
address. The access right control method relying on the 
hash function will be described below. 

§1. Configuration 

As Is shown In Fig. 1 . the operating system assigns 
a resource identifier 100 to the hash function (F) 101 as 
a key to acquire as the hash value an index "Index" 102 
contained in a resource management data table 1 04. As 
Is shown In Fig. 2A, resource management data 105 
stored in the resource management data table 104 con- 
tains an identifier 201, a pointer 205 to a resource 103, 
a flag 202 Indicating presence or absence of a succeed- 
ing or next resource management data 106, a pointer 
203 to the succeeding resource management data 106, 
and a pointer 204 to process management data 107. 
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There may arise such situation that the hash func- 
tion returns a same index "Index" for different identifiers 
RID. In that case, collision between the indexes "index" 
will occur. Accordingly, the second resource manage- 
ment data 106 et seq. are stored in an overflow area 
with the address of the second or succeeding resource 
management data 106 being placed in the immediately 
preceding resource management data 105. 

In case the resource is a shared resource, there 
exist a plurality of processes having respective access 
rights for the same Identifier RID. In that case, the point- 
ers to the second process identifier data 108 et seq. are 
placed in the immediately preceding process manage- 
ment data 107. 

The resource management data 105 is shown in 
Fig. 2A while the process management data 107 is 
shown In Fig. 2B. As can be seen in Fig. 2B, the process 
management data 1 07 is composed of a process identi- 
fier 207, a flag 208 indicating presence or absence of 
the next process management data, and a pointer 209 
to the next process management data. At the end of the 
user application, rt becomes necessary to know the 
identifier of the process having the access right in order 
to deallocate the resource occupied by the process. 
Thus, the operating system Is provided with a process- 
specific resource identifier list 109 in which a resource 
identifier 1 10 is entered every time when a correspond- 
ing resource is generated or every time the access right 
to the shared resource is acquired. 

§2. Resource Allocation Processing 

Figure 3 is a flow chart for illustrating a resource 
allocation processing. 

When the system call requesting the resource allo- 
cation Is issued to the operating system by a user appli- 
cation, the operating system responds thereto by 
allocating the resource (step 1000). Subsequently, the 
operating system acquires an identifier RIDx definite in 
the system (step 1001) and places the identifier RIDx to 
the hash function as a key. Thus, the index "Index" con- 
tained in the resource management data table 104. i.e.. 
the address where the resource management data x is 
stored is obtained (step 1002). In the case where the 
resource management data y has already been placed 
at the leading location of the area designated by the 
Index, i.e., when collision between the indexes occurs 
(step 1003), tiie pointers are followed up from one to 
another (step 1005) so long as the flag 202 Indicating 
presence or absence of the identifier management data 
105 assumes a value "ON" (indicating the presence of 
the resource management data 1 05) (step 1 004). When 
the resource management data z for which the flag 202 
indicating the presence or absence of the succeeding 
identifier management data is set to "OFF" is found in 
the course of following or tracing the pointers, then the 
succeeding Identifier management data pres- 
ence/absence flag 202 is set to "ON" (step 1006). Sub- 



sequently, an area for the new resource management 
data ^ is allocated to the overflow area (step 1007), 
whereupon the pointer 203 to the immediately preced- 
ing resource management data contained in the 

5 resource management data y Is placed at the address 
of the resource management data x (step 10O8). When 
it Is found in the step 1003 that the succeeding identifier 
management data is not stored, the area for the 
resource management data x Is assigned to the main 

70 area (step 1009). 

The process management data 107 is placed In the 
process management area and the process identifier is 
stored therein (step 1 010). At the same time, the identi- 
fier RIDx 207 Is stored in the process-specific identifier 

15 list 109 (step 101 1). The identifier RIDx 201 , the pointer 
204 to the process management data and the resource 
pointer 205 contained in the resource management 
data X 105 are assigned with respective values, wher- 
eon the flag 202 indicating the presence or absence of 

20 the succeeding resource management data is set to 
"OFF" state (step 1012). Then, the identifier RIDx is 
returned to the user application (step 1013). 

§3. Resource Access Processing 

25 

When the system call indicating a resource access 
request is Issued by the user application to the operat- 
ing system, tiie latter executes the processing illustrated 
in Fig. 4. 

30 The operating system assigns the Identifier RIDx 
which is the argument of tiie system call to the hash 
function to obtain the index of the resource manage- 
ment data 105 (step 1 100). Subsequently, the identifier 
RID contained in the resource management data 105 

35 located at the index is compared with the argument 
RIDx (step 1101). When the values of the identifier RID 
and the argument RIDx differ from each other and when 
the flag 202 indicating the presence or absence of the 
succeeding resource management data in the resource 

40 management data 105 is set "ON", I.e., when the suc- 
ceeding resource management data 105 exists (step 
1 102), the pointer 203 is followed up to the succeeding 
resource management data (step 1103), whereon the 
comparison between tiie identifier and the argument 

45 mentioned above is again performed (step 1101). In the 
case where the identifiers RID of all the resource man- 
agement data 1 05 which can be followed with the point- 
ers do not coincide with the argument RIDx, It Is then 
decided tiiat the resource as requested does not exist In 

50 the system whereupon an error message is returned to 
the user application (step 1104). On the other hand, 
when coincidence Is found between the identifier RID 
contained in the resource management data 105 and 
the argument RIDx in the comparison step 1101, then 

55 the process identifier PIDx of the process accessing 
currently the resource is compared with the process 
identifier PID 207 contained in the process manage- 
ment data 107 (step 1 105). When it is found in the step 
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1105 that the values of both the identifiers differ from 
each other and when the flag 208 contained in the proc- 
ess management data 107 and indicating the presence 
or absence of the succeeding process management 
data is "ON" (indicating that the succeeding process 
management data 107 exists) (step 1106), the succeed- 
ing pointer 209 is followed to reach the succeeding 
process management data (step 1107). whereon the 
comparison of the process identifiers mentioned above 
is again performed (step 1 105). When the process iden- 
tifiers PfD contained in all the resource management 
data 1 05 which can be followed with the aid of the point- 
ers do not coincide with the argument PIDx, It is then 
decided that the user application issuing the system call 
has no access right to the resource, whereon an error 
message is returned to the user application (step 1 1 08). 

On the other hand, when the coincidence Is found 
between the process Identifier and the argument In the 
step 1 105, access to the resource Is performed by using 
the resource address stored in the resource pointer 205 
contained in the resource management data 105 (step 
1109). 

§4. Resource Deallocation Processing 

In the case where a system call requesting the 
deallocation of the resource is Issued to the operating 
system from the user application, then the resource 
deallocation processing is performed for that resource. 
Additionally, when deallocation of the resources 
becomes necessary due to abnormal termination of a 
process, then the resource deallocation processing Is 
performed for the resources corresponding to all the 
identifiers contained in the identifier list specific to the 
process terminated abnormally. The resource dealloca- 
tion processing will be described below by reference to 
Fig. 5. In the first place, the operating system inhibits or 
block the access to all the resources (step 1200) and 
places the identifier RIDx of the resource to be deallo- 
cated in the hash function as a key to obtain the index 
"Index" of the resource management data 105 (step 
1201). Subsequently, the identifier RID contained in the 
resource management data 105 stored in the area indi- 
cated by the index is compared with the key or identifier 
RIDx (step 1202). When the values of both the Identifi- 
ers differ from each other and when the flag 202 Indicat- 
ing the presence or absence of the succeeding 
resource management data is "ON", i.e., when the suc- 
ceeding resource management data 105 exists (step 
1203), the pointer 203 is followed up to the succeeding 
resource management data (step 1204), whereon the 
identifier comparison mentioned above is again 
repeated (step 1202). In case the Identifiers RID of all 
the resource management data 105 which can be fol- 
lowed with the pointers do not coincide with the key or 
Identifier RIDx, it Is then decided that the resource as 
requested does not exist, whereupon an error message 
is returned to the user application (step 1205). 



On the other hand, when coincidence between both 
the Identifiers RID and RIDx Is found in the step 1202, 
the address of the process management data 107 
stored in the pointer 204 to the process management 

5 data is acquired (step 1206). When the succeeding 
resource management data 105 exists (step 1207), the 
resource management data 105 specified by the Identi- 
fier RIDx is released or unlocked (step 1209) after 
changing the string of the pointers 203 to the resource 

TO management data (step 1208). Subsequently, the 
pointer acquired in the step 1206 is followed and It is 
checked whether or not the flag contained In the proc- 
ess management data 107 and indicating the presence 
or absence of the succeeding process management 

15 data is "ON" (step 1210). If the flag is "ON", the pointer 
209 to the succeeding process management data is 
acquired (step 1211), whereupon a message indicating 
that the process management data 107 is released or 
deallocated and that the identifier RID can no more 

20 used is issued to the user applications, i.e., individual 
processes (step 1212). On the other hand, when it is 
dedicated in the step 1210 that the flag 208 indicating 
the presence or absence of the succeeding resource 
management data Is "OFF", the final process manage- 
rs ment data 107 is released or deallocated, whereon the 
message indicating that the identifier RID can no more 
be used Is Issued to the user application (step 1213). 
which is then followed by the reopening of the access to 
all the resources (step 1214). 

30 In conjunction with the method described above, it 
Is noted that even when the index "Index" contained In 
the resource management data table 104 can be 
obtained by assigning an illegal identifier RIDz to the 
hash function as the key, the Illegal identifier RIDz can 

35 not be found In the resource management data 105 
which can be followed or traced with the Index. Conse- 
quently, no resource address can be obtained, render- 
ing the access impossible. Further, even If the illegal 
Identifier RIDz should be contained accidentally in the 

40 resource management data 105 traced with the index, 
the Identifier of the process making access to the 
resource Is not stored in the process management data 
107. Consequently, the address of the resource can not 
be gained. Thus, Illegal access can be inhibited or disa- 

45 bled. 

Furthermore, in the resource unlock processing, 
the resource protection can be realized by Inhibiting or 
disabling all the accesses of the user applications to the 
resource, while illegal access after the resource deallo- 
50 eating can be inhibited by invalidating the identifier, 
releasing the resource management data and the proc- 
ess management data which can be traced with the 
Index and issuing the message informing the processes 
of the deallocating of the resource. 

55 

SUMMARY OF THE INVENTION 

In the continuous media processing, operation of a 
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process for processing data such as animation data is 
accompanied witli periodicity. A process scheduling 
method making use of this feature has already been 
proposed. For more particulars of this method, refer- 
ence may be made to Japanese Patent Application No. 5 
8-73673. 

In this conjunction, it Is noted that the priority inver- 
sion problem discussed hereinbefore affects adversely 
the process scheduling method based on the periodicity 
mentioned above as well. By way of example, it is 10 
assumed that there exist two processes, namely proc- 
ess 1 and process 2, for carrying out the continuous 
media processing and that there exists a resource A 
which is shared by these two processes. In that case, 
when the process 1 and the process 2 attempt to control is 
or manage mutually exclusively the shared resource A 
by making use of the lock function, there may arise the 
priority inversion problem, which will inrpair the periodi- 
cal drivability of the process. 

Further important problem incun-ed by the priority 20 
inversion can be seen in that the process having been 
locked, bringing about the priority inversion problem, Is 
scheduled witii highest preference. Thus, it is safe to 
say that the priority inversion problem exerts adverse 
influence even to the periodical drivability of other proc- 25 
ess partaking in the continuous media processing. 

Under the circumstances, in tiie system designed 
for performing the continuous media processing, there 
is conceivable a method of structuring a computer sys- 
tem without using any lock at all from the beginning in 30 
order to evade the priority inversion problem. As a 
method of realizing the exclusive control or mutually 
exclusive management of the process, such process 
control or management method may be conceived in 
which the process using currently the shared resource 35 
is allowed to occupy exclusively the CPU (Central 
Processing Unit) or, to say in another way, any other 
process is inhibited or disabled from being scheduled so 
long as tiie shared resource is being used by a given 
one of the processes. Such control or managing method 40 
can be realized by adopting a preempt control method 
proposed in Japanese Patent Application No. 8-97997. 
Parenthetically, the preenpt control method concerns 
prevention of a process being executed from being tem- 
porarily suspended (I.e., preempted) by providing inter- 4s 
faces "preempt disabling" and "disabled-preempt 
releasing or clearing^ wherein during a period interven- 
ing between a time point at which the preempt disabling 
is validated and a time point at which the preempt disa- 
bling is cleared (this period may also be referred to as so 
the preempt-disabled Interval), tiie process In execution 
is prevented from being preempted and thus can con- 
tinue the execution even when a scheduling request Is 
issued from any other process. By virtue of such control, 
it can be ensured tiiat no more tiian one process can ss 
use the shared resource at any time. In other words, the 
exclusive control or management of the processes can 
thus be realized. 



It is however noted that with the control method 
mentioned above, periodical drivability of the otfier proc- 
ess may be impaired when the process using the 
shared resource runs over a prolonged duration. 

Let's consider, for example, a processing for 
extracting a resource from a free list in which usable 
resources shared in the system are queued, initializing 
the resource as extracted and chaining it to a resource 
allocation list of a given process. In that case, the 
shared resources which need the mutually exclusive 
control or management are the free list and the 
resource allocation list. 

When the processing mentioned above is to be 
realized only by setting the preempt-disabled interval, it 
is then necessary to set the preempt-disabled Interval 
so that It extends from a time point "preceding to con- 
tacting the free list" to a time point at which "the 
resource has been chained to the resource allocation 
list". To this end. processings (1a) to (5a) mentioned 
below will have to be carried out. 

(1a) Setting tiie preempt-disabled state. 
(2a) Taking out the resource from the free list 
(3a) Initialization of the resource. 
(4a) Chaining the resource to the resource alloca- 
tion list for the processes. 
(5a) Clearing the preempt-disabled state as set. 

At tiiis juncture, it Is noted that the time taken for ini- 
tialization of the resource is not always short. In fact, 
time In the order of several ten milliseconds Is taken 
solely for the initialization of a memory upon memory 
allocation internally of the operating system. Accord- 
ingly, when the mutually exclusive control is to be real- 
ized only by setting tiie preempt-disabled interval, as 
mentioned above, there may arise such situation that a 
given one process occupies the CPU for an extended 
time, which will result in degradation in the response 
performance on tiie real-time basis, eventually exerting 
adverse influence to the periodical drivability of the con- 
tinuous media processing. 

As the means for coping with the above problems, 
the processings mentioned above may be modified or 
rearranged as follows: 

(1b) Setting tiie preempt-disabled state. 
(2b) Taking out tiie resource from the free list. 
(3b) Clearing the preempt-disabled state as set. 
(4b) Initializing tiie resource. 
(5b) Setting the preempt-disabled state. 
(6b) Chaining the resource to the resource alloca- 
tion list for tiie processes. 
(7b) Clearing the preempt-disabled state as set. 

The above processings can certainly satisfy tiie 
necessary condition from tiie view point of the mutual 
exclusive conti-oi or management. Besides, the duration 
of tiie preempt-disabled interval can be reduced to ca. 
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10 ^sec, while in the resource initialization processing 
(4b), the right of using the CPU can be transferred to 
other process. Thus, the real-time response perform- 
ance of the system can be improved. Unfavorably, how- 
ever, there may arise a problem when the process 
executing the resource initialize processing (4b) is 
externally forced to terminate in the course of executing 
this processing. 

In general, most of computer systems are equipped 
with a function for stopping externally process execution 
for coping with overrunning of a program. Accordingly, 
when the process executing the processings mentioned 
above is forced to terminate by other process by resort- 
ing to the forcive terminate function mentioned above, 
then the resource initialized by the processing (4b) may 
become a free resource belonging to none of the man- 
agement lists. As the result of this, such situation may 
arise in which the operating system can not recover the 
resource when the process is terminated, which in turn 
means that the resource used by the process termi- 
nated forcibly becomes unusable for ever. In order to 
evade this problem, there may be conceived a method 
of initializing the resource in the state where the 
resource is chained to the free list or the resource allo- 
cation list. In that case, however, the duration of the 
preemptKiisabled interval period is substantially equal 
to that of the preempt-disabled period covering the 
whole processings described hereinbefore. As another 
method, it is equally conceivable to prepare separately 
a list for managing the resources under initialization, 
wherein the resource undergoing the processing (4b) is 
chained to this list. However, this method is disadvanta- 
geous in that overhead involved in the initialization 
processing increases because of an increased number 
of times the list-chain changing processing has to be 
performed. 

In the light of the state of the art described above, 
the inventor of the present application has developed a 
process executing method which is capable of process- 
ing the shared resource without affecting adversely the 
periodical drivability of the continuous media processing 
by making use of the preempt control method. 

Accordingly, it is a first object of the present inven- 
tion to provide a process executing method for execut- 
ing processes which use a shared resource In a 
computer system designed for continuous media 
processing. 

According to the teaching of the invention, it is 
declared by the process In precedence to the use of the 
shared resource that the process is not forcibly termi- 
nated. Parenthetically in the description which follows, 
expression "process is not aborted'* or the like is used, 
which means that the process is not forcibly terminated, 
and prevention of the process from being forcibly termi- 
nated is expressed as "abort disabling" or the like. Thus, 
"the state in which a process is prevented from being 
aborted" may be expressed as "abort-disabled state" or 
the like. Additionally, the process is "preempt-disabled", 



which mean that the process is protected against inter- 
ruption or suspension of the processing or task exe- 
cuted by that process. At the end of the use of the 
shared resource, the process is cleared from the 

5 preenrtpt-disabled state. Upon completion of all the 
processings for the shared resource, rt is declared by 
the process that it may be forcibly terminated, which is 
expressed as "clearing the process from the abort-disa- 
bled state" or simply as "clearing of the abort^lisabled 

70 state" or so. Further, the time period or interval interven- 
ing between the abort-disable declaration and the 
abort<lisabled state clearing declaration is called 
"abort-disabled interval". When a request for the forcive 
termination of a process is issued during the abort-dis- 

75 abled period or interval, execution of the process is con- 
tinued until the processing to be executed during the 
abort-disabled period has been completed. When the 
abort-disabled state is cleared, the process is forcibly 
terminated. 

20 In a preferred mode for carrying out the invention, a 
sole process dedicated for coping with such situation 
that the shared resource Is used by a process over a 
prolonged duration is provided in the system. Further, 
for sending the requests for using the shared resource 

25 to the sole process, there is provided a queue. The 
other process destined for performing the continuous 
media processing issues a shared resource use request 
to the sole dedicated process before starting the period- 
ical driving, and upon completion of the processing for 

30 the shared resource, the periodical driving is validated. 
The request mentioned above is registered in the 
queue. Provision of such dedicated process can ensure 
that it is always only one process in the system that can 
perform the processing for the shared resource. Thus, 

35 the processing for the shared resource can be effectu- 
ated in the preempt-enabled state, which in turn means 
that the processing for tiie shared resource can be exe- 
cuted in parallel with the periodically driven process or 
processes. 

40 By virtue of combinations of the two process exe- 
cuting methods mentioned above, a plurality of proc- 
esses which use the shared resource can be executed 
without exerting any noticeable adverse influence to the 
processes driven periodically in the multiprocessing 

45 environment in which a plurality of processes can run in 
parallel witii one another. 

On the other hand, in the case of the method 
according to which the identifier is placed in or assigned 
to the hash function as a key to determine the index 

50 "Index" of the resource management data containing 
the address of the resource for making access to the 
resource, there arise problems mentioned below in exe- 
cuting such processing which has to process a large 
amount of data at a high speed on a real-time basis 

55 while allocating a CPU time at every predetermined 
interval as in the case of the multi-media data process- 
ing. 
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(1) When a plurality of processes make simultane- 
ous access to one data, collision of the hash values 
will take place in the accessing method using the 
hash function, which makes it necessary to search 
the overflow area while following pointers until the 
identifier of the resource as searched is found. 

Further, when the identifier is found, it is neces- 
sary to search the process management data by 
following with the pointers until the process identi- 
fier is found in order to check whether or not the 
process attempting to make access to the shared 
resource has really the access right (i.e., the right of 
accessing the resource). Consequently, overhead 
involved in the processing increases considerably 
while the time taken for the memory access 
becomes too long to be useful for effective repro- 
duction of the data. 

(2) In the system in which the user application 
unlocks the resource, the operating system has to 
follow or trace the pointers of all the process man- 
agement data in order to acquire the identifier of the 
process using the resource and release the proc- 
ess management data as found while messaging to 
the individual processes that the resource can not 
be used. During the period for the search men- 
tioned above and for the execution of succeeding 
processings, all the accesses from the user appli- 
cations to the resource are disabled or inhibited. 
Consequently, in the case where the resource deal- 
location processing takes place and in the system 
in which there exist a plurality of processes to be 
processed on a real time basis, overhead involved 
in searching the processes sharing the resource to 
be deallocated and executing the succeeding deal- 
location processing will increase considerably In 
that case, the real-time processing is very difficult to 
realize or rendered impossible. 

In the light of the foregoing, it is a second object of 
the present Invention to provide an accessing method 
which is capable of reducing the overhead involved in 
the translation between the identifier and tiie address 
while sustaining the access right control function of the 
conventional method and decreasing the time or period 
during which the access to the shared resource for exe- 
cuting the process terminating processing is disabled. 

For achieving the above and other objects which 
will become apparent as description proceeds, it is 
taught according to an aspect of the present invention 
that an identifier composed of address information and 
generation identifying information of a resource is 
assigned to a resource upon generation thereof and at 
the same time the generation identifying information is 
stored at a leading location of the resource. The gener- 
ation identifying information is extracted from an identi- 
fier transferred as an argument of a system call issued 
by a user application upon making access to the 
resource. The extracted generation identifying informa- 



tion Is compared with the generation identifying informa- 
tion stored in the resource at the leading location 
thereof. Access to the resource is enabled when coinci- 
dence is found between both the generation identifying 
5 information while disabled when discrepancy is found 
between both the generation identifying information. In 
this way, the access right to the resource can be conti-ol- 
led solely by comparing both the generation identifying 
information. 

10 The above and other objects, features and attend- 
ant advantages of the present invention will more easily 
be understood by reading the following description of 
the preferred embodiments thereof taken, only by way 
of example, in conjunction with the accompanying draw- 

15 ings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

In the course of the description which follows, refer- 
ee ence is made to tiie drawings, in which: 

Rg. 1 is a schematic diagram for illustrating a con- 
ventional scheme for controlling access right to a 
shared resource in a multiprocessor computer sys- 

25 tern known heretofore; 

Fig. 2A is a view for illustrating schematically a 
structure of resource management data employed 
for resource management in a computer system; 
Rg. 2B is a view for illustrating schematically a 

30 Structure of process management data employed 
for process management in the computer system; 
Rg. 3 is a flow chart for illustrating a conventional 
resource allocation processing; 
Rg. 4 is a flow chart for illustrating a conventional 

35 resource access processing; 

Rg. 5 is a flow chart for illustrating a conventional 
resource deallocation processing; 
Rg. 6 is a schematic diagram showing a group of 
modules and data required for carrying out the 

40 metiiod according to the embodiment of the present 
invention; 

Rg. 7 is a flow chart for illustrating a processing 
procedure carried out according to the embodiment 
of the invention shown in Fig. 6; 
45 Rg. 8 is a flow chart illustrating a processing proce- 
dure of an abort disable function (21) shown in Fig. 
6; 

Rg. 9 is a flow chart illustrating a processing proce- 
dure of a preempt disabling function (32) shown in 
50 Rg. 6; 

Rg. 10 is a flow chart illustrating a processing pro- 
cedure of a disabled-preempt clear function (33) 
shown in Fig. 6; 

Rg. 1 1 is a flow chart illustrating a processing pro- 
55 cedure of a disabled-abort clear function (22) 
shown in Fig. 6; 

Rg. 12 is a schematic diagram showing modules 
employed in carrying out the process executing 
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method according to another embodiment of the 
invention; 

Fig. 13 is a flow chart for illustrating a processing 
procedure of processes (210-212) shown in Fig. 12; 
Fig. 14 is a flow chart for illustrating a processing 
procedure performed by a processing request mes- 
saging module (300) shown in Fig. 12; 
Fig. 15 is a flow chart for illustrating a processing 
procedure performed by a serializer process mod- 
ule (220); 

Fig. 16 is a flow chart for illustrating processings 
performed by processing completion messaging 
module (310-312) shown In Fig. 12; 
Figs. 17A. 17B and 17C are views showing sche- 
matically major structural components partaking in 
the control or management of access right; 
Fig. 18 is a flow chart for illustrating generally a flow 
of resource access processing; 
Fig. 19 is a flow chart for illustrating schematically a 
resource allocation processing; 
Fig. 20 is a flow chart for illustrating a generation 
identifying information creating (makejdinf) 
processing; 

Fig. 21 is a flow chart for illustrating a resource area 
acquisition (allocjd) processing; 
Fig. 22 is a flow chart for illustrating a identifier cre- 
ating (makejd) processing; 
Fig. 23 is a flow chart for illustrating a resource 
access processing; and 

Fig. 24 is a flow chart fa illustrating a resource 
deallocation processing. 

DESCRIPTION OF THE PREFERRED EMBODI- 
MENTS 

Now, the present invention will be described in 
detail in conjunction with what is presently considered 
as preferred or typical embodiments thereof by refer- 
ence to the drawings. In the following description, like 
reference characters designate like or corresponding 
parts throughout the several views. 

Figure 6 shows schematically a set of modules and 
data required for carrying out a method according to an 
embodiment of the present invention. 

In the figure, reference numeral 10 denotes a proc- 
ess management table 10 for controlling or managing 
processes. In the process management table 1 0, there 
are held an abort request flag 1 1 , an abort-disabled flag 
12, a counter 13 for counting abort disablings nested. 
Further, reference numeral 20 denotes a process man- 
agement module for controlling or managing processes. 
21 designates an interface function for setting the abort 
disabling. 22 denotes an interface function for clearing 
the abort disabling, and 200 denotes a process which 
requires the processing for a shared resource. Further- 
more, reference numeral 40 denotes a function which 
uses a shared resource provided in the process 200 
and which holds work areas 23 and 37. Additionally, ref- 



erence numeral 30 denotes a preempt control module 
which is based on the teaching of the invention dis- 
closed in Japanese Patent Application No. 8-97997. 
More specifically, the preempt control module 30 

5 includes a scheduler 3 1 , a preempt disable function 32, 
a disabled-preempt clear function 33, a scheduling 
request flag 34, a preempt-disabled flag 35 and a coun- 
ter 36 for counting the preempt disablings nested. 
Rgure 7 is a flow chart for illustrating a flow of con- 

10 trols for the abort disabling and the preempt disabling in 
a process for realizing a feature of the present invention. 
When processing relating to the shared resource is to 
be executed, the function 40 included in the process 
200 destined for executing the above-mentioned 

15 processing initially inhibits its own process from being 
aborted by using the abort disable function 21 (step 
1300). Immediately before using the shared resource, 
the function 40 inhibits its own process from being 
preempted by using the preempt disable function 32 

20 held in the preempt control module 30 (step 1301), 
whereon the processing which makes use of the shared 
resource is executed (step 1302). Upon completion of 
the processing for the shared resource, the disabled 
preempt is instantaneously released or cleared with the 

25 aid of the disabled-preempt clear function 33 held in the 
preempt control module 30 (step 1 303). At this juncture, 
it should be mentioned that setting of the preempt-disa- 
bled interval (or preempt<lisabled section in the light of 
the control flow) extending from the preempt disabling to 

30 the disabled-preempt clearing (corresponding to the 
section extending from the step 1301 to the step 1303) 
is limited to such processing for the shared resource 
which is terminated within a time exerting no adverse 
influence to the periodical driving performance, e.g. a 

35 time not longer than 10 % of a minimum time required 
for managing the periodical driving. During a period pre- 
ceding to the subsequent declaration of the preempt 
disabling, there prevails a preempt-enabled state where 
processings require relatively a lot of time such as ini- 

40 tialization for the allocated resource or the like is exe- 
cuted (step 1304). During this period, execution of the 
process 200 may be temporarily interrupted (or sus- 
pended) while allowing other processes to be sched- 
uled. When the processing for the shared resource 

45 becomes necessary again, the process 200 sets itself 
once more to the preempt-disabled state (step 1305). 
When the processing for the shared resource (step 
1306) comes to an end, the preempt disabling is 
released or cleared (step 1307). Upon completion of all 

50 the processings, the abort disabling is cleared finally by 
resorting to the use of the disabled-abort clear function 
22 (step 1308). 

In the case of the example illustrated in Fig. 7, the 
preempt-disabled interval makes appearance twice dur- 

55 ing the period extending from the abort disabling to the 
disabled-abort clearing. In actual applications, the 
number of such preempt-disabled intervals may be 
more than three inclusive thereof. 
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Figure 8 is a flow chart illustrating In detail an Inter- 
nal processing of the abort disabling procedure (1300) 
mentioned above by reference to Fig, 7. Execution of 
the processing shown in Fig. 8 is effectuated by using 
the abort disable function 21 . To this end. the abort dis- 5 
able function 21 checks at first whether the abort-disa- 
bled flag 12 held in the process management table 10 
managing the process 200 is in the OFF-state or not 
(step 1400). When the abort-disabled flag 12 is OFF, 
then the abort disable function 21 sets the abort-disa- 10 
bled flag 12 to the ON-state (step 1401). Subsequently, 
the abort disable function 21 increments the value of the 
counter 13 by one {step 1402). The procedure shown in 
Fig. 8 is indivisible in execution thereof. 

Figure 9 is a flow chart illustrating in detail internal is 
processing of the preempt disabling procedure (1301, 
1305) mentioned above by reference to Fig. 7. The 
processing shown in Fig. 9 is executed by means of the 
preempt disable function 32 shown in Fig. 6. At first, the 
preempt disable function 32 checks whether the 20 
preempt<lisabled flag 35 held in the preempt control 
module 30 is in the OFF-state or not (step 1500). When 
the preempt<lisabled flag 35 is OFF, then the preempt 
disable function 32 sets the preempt-disabled flag 35 to 
the ON-state (step 1501). Subsequently, the preempt 25 
disable function 32 increments the value of the counter 
36 by one (step 1502). The whole procedure shown in 
Fig. 9 is executed indivisibly. 

Figure 1 0 is a flow chart illustrating in detail internal 
processing of the disabled-preempt clearing procedure 30 
(1303, 1307) mentioned above by reference to Fig. 7. 
Execution of the processing shown in Fig. 10 is in 
charge of the disabled-preempt clear function 33 shown 
in Fig. 6. At first, the disabled-preempt clear function 33 
checks whether or not the nest value (described herein- 35 
after) of the function transferred as the first argument 
coincides with the value of the counter 36 (step 1600). 
Unless coincidence is found, then an abnormality 
processing is carried out. On the other hand, when the 
coincidence is found, the value of the counter 36 incor- 40 
porated in the preempt control module 30 is decre- 
mented by one (step 1601). When the value of the 
counter 36 resulting from the decrementation is positive 
(plus), then the processing is terminated intact (step 
1602). On the contrary, in case the value of the counter 45 
36 is zero or negative (minus), the preempt-disabled 
flag is set to the OFF-state (step 1603). Subsequently, 
the scheduling request flag 34 held internally of the 
preempt control module 30 is checked (step 1604). 
When this flag is OFF, then the processing is term!- so 
nated. On the other hand, when the scheduling request 
flag 34 is in the ON-state, the scheduler 31 is activated 
(step 1605) to thereby validate the execution of the 
scheduling processing for the process. 

Figure 1 1 is a flow chart illustrating in detail internal ss 
processing of the disabled-abort clearing procedure 
(1308) mentioned above by reference to Fig. 7. The 
processing shown in Fig. 1 1 is executed with the aid of 
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the disabled-abort clear function 22 shown in Fig. 6. At 
first, the disabled-abort clear function 22 checks 
whether or not the nest value (described hereinafter) of 
the function transferred as the first argument coincides 
with the value of the counter 13 (step 1700). Unless 
coincidence is found, then an abnormality processing is 
performed. On the other hand, when coincidence is 
confirmed, the value of the counter 13 incorporated in 
the process management table 10 managing the proc- 
ess 200 is decremented by one (step 1701). When the 
value of the counter 13 resulting from the decrementa- 
tion is positive (plus), the processing is terminated intact 
(step 1702). By contrast, in case the value of the coun- 
ter 13 is zero or negative (minus), the abort-disabled 
flag is set to the OFF-state (step 1703). Subsequently, 
the abort request flag 1 1 held internally of the process 
management table 10 is checked (step 1704). When 
this flag is OFF, then the processing is terminated. On 
the other hand, when the abort request flag 1 1 is ON, 
the process management module 20 is activated (step 
1705) to thereby validate the execution of the abort 
processing for the process 200. 

Furthermore, in case the processing shown in Fig. 
1 1 is terminated in the OFF-state of the abort request 
flag 11, the process management module 20 activates 
the scheduler 31 incorporated in the preempt control 
module 30 to perform the process rescheduling 
processing. 

Referring to Fig. 6, the interval or period during 
which the abort-disabled flag 12 remains in the ON- 
state, i .e. , the period from a time point at which the abort 
disable function 21 is called to set the abort-disabled 
flag 12 to the ON-state to a time point at which the disa- 
bled-abort clear function 22 is called to set tiie abort- 
disabled flag 12 to the OFF-state represents the abort- 
disabled interval. The abort-disabled flag 12 is in the 
OFF-state when the process is created or generated 
and set to the ON-state only when the abort disable 
function 21 is called. In case the forcive termination of 
the process 200 occurs during the abort-disabled inter- 
val during which the abort-disabled flag 12 remains in 
the ON-state as set by the abort disable function 21 
called by the process 200, tiie process management 
module 20 executes only the processing for setting the 
abort request flag 1 1 to the ON-state while allowing the 
processing of tiie process 2O0 to be continued. The for- 
cive termination of the process 200 is validated when 
the abort-disabled flag 1 2 is set to the OFF-state by the 
disabled-abort dear function 22 called by tiie process 
200. 

Further, referring to Fig. 6, tiie inten^al or period 
during which the preempt-disabled flag 35 remains in 
the ON-state, i.e.. the period extending from a time point 
at which the preempt disable function 32 is called to set 
the preempt-disabled flag 35 to the ON-state to a time 
point at which tiie disabled-preempt clear function 33 is 
called to set the preempt-disabled flag 35 to tiie OFF- 
state represents the preempt-disabled interval. The 
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preempt-disabled flag 35 is in the OFF-state when the 
system is activated and set to the ON-state only when 
the preempt disable function 32 is called. In case the 
scheduling request for the other process(es) occurs 
during the interval in which the preempt-disabled flag 35 
remains in the ON-state as set by the preempt disable 
function 32 called by the process 200, the scheduler 31 
executes only the processing for setting the scheduling 
request flag 34 to the ON-state while allowing the 
processing of the process 200 to be continued without 
scheduling the other process(es). When the preempt- 
disabled flag 35 is set to the OFF-state by the disabled- 
preenopt clear function 33 called by the process 200, the 
scheduler 31 sets the scheduling request flag to the 
OFF-state and suspends the execution of the process 
200 while allowing other processes to be scheduled. 

Referring to Fig. 7, in the interval or section extend- 
ing from the step 1301 to the step 1303 and in the inter- 
val or section extending from the step 1305 to the step 
1307, the preemption is disabled, which in turn means 
that the right of using the CPU (Central Processing Unit) 
is never transferred to other process. Thus, it Is only the 
running process that can use the shared resource. In 
other words, any other process is inhibited from using 
the shared resource, whereby the exclusive control or 
management of the resource can be realized, which 
makes it possible to perform the continuous media mul- 
tiprocessing using the shared resource. Additionally, 
because abortion is disabled during the interval span- 
ning over the steps 1300 to 1308, any process acquired 
the resource is caused to vanish due to the forcive ter- 
mination. Thus, the resource is positively prevented 
from falling in such state that it can not be utilized for an 
indefinite period. 

The abort disabling as well as the disabled-abort 
clearing is effectuated through the medium of interfaces 
mentioned below, respectively. 

(Function Name) 

abort_disable(*level) 

(Argument) 

level: the depth of the nest formed by a pair of the 
instant function now under consideration and the func- 
tion ''abort_enable" is returned. 

(Elucidation ) 

The function now of concern can make the currently 
executed process transit to the abort-disabled state. 
This function and the function ''abort_enable" may be 
issued in a pair during the section or period spanning 
over the transition to the abort-disabled state in 
response to the issuance of this function and the resto- 
ration to the abort-enabled state in response to the issu- 
ance of the function "abort_enable". This means that 



the pair of the function now of concern and the function 
"abort_enable" can be nested. The function now of con- 
cern and the function "abort^enable" issued internally of 
the nest make no state transition between the abort-dis- 
5 abled state and the abort-enabled state. The argument 
"level" reflects the depth of such nested state. 

(Function Name) 
10 abort__enabIe(level) 
(Argument) 

level: the level of the nest returned from the function 
15 "abort.disable" which constitutes the counterpart to be 
paired with the instant function is designated. 

(Elucidation) 

20 The function of concern can make the currently 
executed process be restored to the abort-enabled 
state. The function now of concern (i.e., "abort_enable") 
and the function "abort_disabIe" may be issued in a pair 
during the section or period spanning over the transition 

25 to the abort-disabled state in response to the issuance 
of the function "abort_disabIe" and the restoration to the 
abort-enabled state in response to the issuance of the 
instant function. This means that the pair of the function 
''abort_disable'* and the function now of concern 

30 "abort_enable" can be nested. The function 
**abort_disable'' and the function now of concern issued 
internally of the nest make no state transition between 
the abort-disabled state and the abort-enabled state. 
The argument "level" designates or represents the 

35 depth of such nest, i.e., the value of "level" due to the 
issuance of the counterpart function "abort_disable". 
This value is held by the operating system as well. Thus, 
discrepancy of this value with the depth of the nest 
specified by the argument, the so-called en-or return 

40 takes place. 

When the function 40 included in the process 20O 
uses the abort disable function 21, the function 40 
stores in its own work area 23 the current depth of the 
nest returned from the abort disable function 21. For 

45 issuing the disabled-at^rt clear function 22, the value 
stored in the work area 23 is designated or specified as 
the argument of the function 40. The disabled-abort 
clear function serves to compare the value mentioned 
above witii the current depth of the nest to validate the 

so error return unless coincidence is found between both 
the values mentioned above. By virtue of this function, it 
is possible to detect easily such a programming bug that 
the disabled-abort clear function which is to constitute 
the counterpart of the abort disable function in a pair, is 

55 at»sent 

The preempt disable processing and the disabled- 
preempt clearing processing can be carried out by mak- 
ing use of the disabled-preempt clearing interface and 



10 



19 



EP0 834 806 A2 



20 



the disabled-preempt clearing interface disclosed in 
Japanese Patent Application No. 8-97997 mentioned 
hereinbefore. Namely, the following interfaces are 
employed. 

(Function Name). 

preempt_disable(*level) 

(Argument ) 

level: the depth of the nest formed by a pair of the 
instant function now of concern (i.e., "preempt_disable") 
and the function "preempt_enable" is returned. 

(Elucidation) 

The function now of concern makes the currently 
executed process transit to the preempt-disabled state. 
This function ''preempt_disable'' and the function 
"preenfpt_enable" may be issued in a pair during the 
section or interval intervening between the transition to 
the preempt-disabled state in response to the issuance 
of this function and the restoration to the preempt-ena- 
bled state in response to the issuance of the function 
"preempt_enable". This means that the pair of the func- 
tion now of concern and the function "preempt_enable" 
can be nested. The function now of concern and the 
function "preempt_enable'' issued internally of the nest 
make no state transition between the preempt-disabled 
state and the preempt-enabled state. The argument 
"level" reflects the depth of such nest. 

(Function Name) 

preempt_enable(level) 

(Argument) 

level: the level of the nest returned by the function 
"preempt^disable" which is to constitute a counterpart 
of the pair of the instant function is designated. 

(Elucidation) 

The function of concern can make the currently 
executed process restore to the preempt-enabled state. 
The function "preemptjdisable" and this function may 
be issued in a pair during the interval or period spanning 
over the transition to the preempt-disabled state In 
response to the issuance of the function 
"preempt.disable" and the restoration to the preempt- 
enabled state in response to the issuance of this func- 
tion. This means that the pair of the function 
"preempt_disable" and the function of concern can be 
nested. The function '•preempt_disable" and the func- 
tion now of concern issued Internally of the nest make 
no state transition between the preempt-disabled state 



and the preempt-enabled state. The argument "level" 
designates the depth of such nest, i.e., the value of 
"lever obtained due to the issuance of the counterpart 
function •'preempt_ disable". The depth of the nest is 

5 held by the operating system as well. Thus, discrepancy 
of this value with the depth of the nest specified by the 
argument, the so-called error return takes place. 

When the function 40 included in the process 200 
uses the preempt disable function 32, the function 40 

10 stores in its own work area 37 the current depth of the 
nest returned from the preempt disable function 32. For 
issuing the disabled-preempt clear function 33. the 
value stored in the work area 23 is designated or speci- 
fied as the argument of the function 40. The disabled- 

15 preempt clear function serves to compare the value 
mentioned above with the current depth of the nest to 
thereby validate the error return unless coincidence is 
found between both the values mentioned atjove. By vir- 
tue of this function, such a programming bug can easily 

20 be detected that the disabled-preempt clear function 
which is to constitute the counterpart of the preempt 
disable function In a pair is absent. 

Next, description will turn to an embodiment of the 
invention which is directed to a method of executing a 

25 process using a shared resource in the case where the 
shared resource is used for a prolonged duration. 

In the process executing method according to the 
instant embodiment of the invention, a periodically 
driven process performs processing for acquiring the 

30 resource as required by using the process executing 
method described below in the state not periodically 
driven in precedence to the start of the periodical driv- 
ing. After completion of the above processing, the proc- 
ess starts to be driven periodically. Once the periodical 

35 driving has been started, no processing is performed for 
acquiring the resource in the process executing method 
described below. 

Rgure 12 shows modules which are required for 
carrying out the process executing method according to 

40 tiie instant embodiment of the invention. 

In Fig. 12, reference numerals 210 to 212 denote, 
respectively, those processes which are requesting use 
of the shared resource, and numeral 220 denotes the 
sole process that is authorized to perform the process- 

45 ing for a specific shared resource. This process 220 will 
hereinafter be called the serializer process. Tlie serial- 
izer process , 220 is resident within the system. A 
numeral 300 denotes a processing request messaging 
module for messaging to the serializer process 220 the 

50 processing requests issued by the processes 210 to 
212. respectively. In correspondence to the serializer 
process 220, the sole processing request messaging 
module 300 is provided and constantly resident witiiin 
tile system as in the case of the process 220. Reference 

55 numerals 310 to 312 denote, respectively, processing 
completion messaging modules for transferring tiie 
process completion message from the serializer proc- 
ess 220 to the processes 210 to 212, wherein the 
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processing completion messaging modules 310 to 312 
are assigned to the processes 210 to 21 2, respectively, 
upon generation tliereof or upon issuance of the 
processing request therefrom. The processing request 
messaging module 300 and the processing completion 5 
messaging modules 310 to 312 have internally queues 
400. 410 to 412, respectively. 

Next, processings executed in the system shown in 
Fig. 12 will be described by reference to flow charts 
shown In Figs. 13 to 16. 10 

Figure 1 3 is a flow chart for illustrating a processing 
executed by each of the processes 210 to 212 which 
need the processing for the shared resource. More spe- 
cifically, each of the processes 210 to 212 issues a 
processing requesting message to the processing is 
request messaging module 300 for requesting the 
processing of the serializer process 220 which is capa- 
ble of accessing the shared resource (step 1800). The 
process 210 or 211 or 212 which has issued the 
processing request is immediately set to the state wait- 20 
ing for reception of the processing completion message 
from the associated one of the processing completion 
messaging modules 310 to 312 after completion of the 
processing request message. When the processing 
completion is informed from the processing completion 25 
messaging module 310 or 311 or 312 (step 1801), the 
process 210 or 21 1 or 212 fetches the processing com- 
pletion message from the queue 410 or 41 1 or 412 pro- 
vided in the associated one of the processing 
completion messaging modules 310 to 312 (step 1802), 30 
whereupon the processing for the shared resource as 
requested by one of the processes 21 0 to 212 comes to 
an end. 

Figure 1 4 is a flow chart for illustrating the process- 
ings performed by the processing request messaging 35 
module 300. It is first to be mentioned that the process- 
ing request messaging module 300 is constantly in the 
state ready for reception of the processing request mes- 
sage. Upon reception of the processing request mes- 
sage (step 1900). the processing request messaging 40 
oKxIuie 300 places the processing request message in 
the queue 400 in the order as the message is received 
(step 1901), whereon the processing request messag- 
ing module 300 informs the serializer process 220 that 
the processing request has been issued. 45 

Figure 1 5 is a flow chart for illustrating the process- 
ing performed by the serializer process 220 which is the 
sole process capable of performing processing for the 
shared resource. Similarly to the processing request 
messaging module 300, the serializer process 220 is so 
constantly in the state waiting for reception of the 
processing request message. Upon reception of the 
information concerning issuance of a processing 
request from the processing request messaging module 
300 (step 2000), the serializer process 220 fetches or ss 
receives the processing request from the queue 400 
incorporated in the processing request messaging mod- 
ule 300 (step 2001) to perform the processing on or for 



the shared resource in accordance with the request 
(step 2002). After completion of the processing for the 
shared resource, the serializer process 220 informs the 
processing completion and the result of the processing 
to one of the processing completion messaging mod- 
ules 310 to 312 which is associated with one of the 
processes 210 to 212 which has issued the correspond- 
ing processing request (step 2003). In the meanwhile, 
the serializer process 220 checks whether the next 
processing request is placed in the queue. If so. the 
serializer process 220 performs the processing for the 
shared resource in accordance with that processing 
request. Othenwise, the serializer process 220 resumes 
the state ready for reception or acceptance of the suc- 
ceeding or next processing request (step 2000). 

Rgure 16 is a flow chart for illustrating the process- 
ings performed by the processing completion messag- 
ing module 310 or 31 1 or 312. Each of the processing 
completion messaging modules 310. 311 and312isset 
to the state waiting for the message informing the 
processing completion simultaneously with issuance of 
the processing request from the associated one of the 
processes 21 0 to 21 2. Upon reception of the processing 
completion from the serializer process 220 (step 2100), 
the processing completion messaging module places 
the processing completion message and the result of 
the processing in the associated one of the queues 410 
to 412 (step 2101), whereupon the processing comple- 
tion messaging module 310 or 311 or 312 issues the 
message indicating the processing completion to the 
relevant one of the processes 210 to 212 which has 
issued the processing request (step 2102). 

In the case of the system illustrated in Fig. 12, it Is 
assumed that tiiere exist three processes 210. 21 1 and 
212 which request the processing for the shared 
resource. It goes however without saying that tiie con- 
tents of the processings are essentially invariable even 
when tiie number of the processes requesting the 
shared-resource involving processing is less or more 
than tiiree. 

At this juncture, it should be mentioned tinat the 
serializer process 220 in the system shown in Fig. 12 
operates constantiy in the preenpt-enabled state. 

Further, it should be again mentioned tiiat tiie proc- 
ess 210. 211 or 212 perform the resource acquiring 
processings mentioned above (Fig. 13) before the peri- 
odical driving tiiereof is started. In other words, the 
process (210, 211, 212) acquires the resource data in 
the state irrelevant to the periodical driving which is 
started only after the resource has been acquired due to 
the processing described above. 

By adopting the process executing method based 
on the serializer process described above, tiie exclusive 
control (i e., mutual exclusion control or management) 
need not be performed because the process which can 
perform processing directiy on or for the shared 
resource is only one, i.e., the serializer process. Thus, 
by virtue of the arrangement that the processing for the 
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shared resource is performed by the preempt-enabled 
irxlependent process dedicated to the processing for 
the shared resource, process execution can be acconn- 
plished without exerting any influence to the periodical 
driving performance (or periodical drivability) of other 
processes partaking in the continuous media process- 
ing. 

As is apparent from the foregoing description, a 
shared resource can be shared by the individual proc- 
esses involved in the continuous media processing or 
the like without exerting any influence to the periodical 
drivability of the processes in the multiprocessing envi- 
ronment in which the shared resource is made use of. 

Next, description will be made of an accessing 
method according to another embodiment of the 
present invention. 

§1 . Configuration 

Major components or modules partaking in an 
access right control will be described by reference to 
Figs. 17A. 17Band 17C. 

An resource identifier 600 shown in Fig. 17A is an 
argument of 64 bits contained in the system call issued 
by a user application for using the same in the access to 
the resource. Of the 64-bit argument, the leading 32 bits 
are used for identifying a starting or leading address 
601 of a resource 608 while the trailing 32 bits constitute 
generation identifying information 602. The resource 
identifier 600 is generated upon creation of the resource 
and used for making access to the resource until the 
resource is released or deal-located. 

A resource generation counter 603 shown in Fig. 
17B is created for each of the processes upon genera- 
tion thereof and serves as a counter for recording the 
number of times the resource is generated. The count 
value 604 of the resource generation counter 603 is set 
to the initial value of zero and incremented by one every 
time the resource is created. 

Generation identifying information 605 shown in 
Fig. 17C contains leading 16 bits representing a count 
value 606 of the resource creation counter with the trail- 
ing 16 bits representing a process identifier 607. 

Hereinafter, the resource which contains the gener- 
ation identifying information 609 at a leading or starting 
location thereof will be referred to as the resource 608. 

§2. Outline of Resource Access Processing of User 
Application 

Figure 18 is a flow chart illustrating a flow of pro- 
gram for executing the resource access processing car- 
ried out by the method according to the instant 
embodiment of the invention, which will be described 
below stepwise. 

(1) In a step 2200, a user application issues a sys- 
tem call requesting a process generating process- 



ing to the operating system, which responds thereto 
by creating a resource generation counter 603 for 
the process as generated. 

(2) In a step 2201 , the user application issues to the 
5 operating system a system call for the resource 

allocation processing. 

(3) In a step 2202. the user application issues to the 
operating system a system call requesting an 
access processing to the resource allocated in the 

10 step 2201. 

(4) In a step 2203, the user application issues to the 
operating system a system call requesting an deal- 
location processing of the resource allocated in the 
step 2201. 

75 

In the following, the processing for each of the sys- 
tem calls mentioned above will be desaibed in detail. 

§2.1. Resource Allocation Processing 

20 

Rgure 19 shows a flow chart for illustrating the 
resource allocation processing step 2201 shown in Fig. 
18. TTie resource generation counter is incremented by 
one (step 2300 in Fig. 19). whereon generation identify- 

25 ing information creating or making processing 
"makejdinf" is executed (step 2301), which is then fol- 
lowed by a step 2302 in which a resource area alloca- 
tion (or memory area acquisition) processing 
"alloc_mem" is executed and a step 2303 of creating an 

30 identifier "makejd" is executed. Thereafter, the genera- 
tion identifying information is stored at leading 32 bits of 
the resource area as returned (step 2304). 

§2.1.1. Generation Identifying Information Creating 
35 (makejdinf) Processing 

Rgure 20 shows a flow chart for illustrating the gen- 
eration identifying information creating processing in the 
step 2301 shown in Fig. 19. Hereinafter, this processing 

40 will also be referred to as "makejdinf" processing. The 
generation identifying information is created by a pair of 
the resource generation counter value and the process 
identifier of the process destined for the resource gener- 
ation. Referring to Rg. 20, the process identifier is first 

45 acquired (step 2400). whereon the resource generation 
counter value is placed in the leading 16 bits while a 
random number value as generated is stored in the trail- 
ing 16 bits, to thereby create or make the 32-bit genera- 
tion identifying information (step 2401). The generation 

50 identifying information as created is returned (step 
2402). 

§2.1 .2. Resource Area Acquisition (Memory Allocation) 
(alloc_mem) Processing 

55 

Rgure 21 shows a flow chart for illustrating the 
resource acquisition (or allocation) processing in the 
step 2302 shown in Fig. 19. This processing will also be 
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referred to as "alloc.mem" processing. Because the 
resource area is constituted by a generation identifying 
information area and a resource area, the resource area 
size added with the generation identifying information 
data size of 32 bits is determined (step 2500), whereon 5 
the resource area of the size as determined is allocated 
(step 2501). Thereafter, the leading address of the 
resource area (memory area) is returned (step 2502). 

§2.1.3. Identifier Creating (makejd) Processing 

Figure 22 shows a flow chart for illustrating the 
identifier creating processing in the step 2303 shown in 
Fig. 19. Hereinafter, this processing will also be referred 
to as "makejd" processing. The Identifier is constituted 
by a pair of the resource address and the generation 
identifying information. The address of the resource 
acquired in resource area allocation or '*alloc_mem'' 
processing (step 2302) is placed at leading 32 bits while 
the generation identifying information created in the 
generation identifying information creating "makejd" 
processing (step 2301) is placed at the trailing 32 bits, 
to thereby create the identifier of 64 bits (step 2600). 
The identifier as created is returned as the argument for 
use in making access to the resource (step 2601). 

§2.2. Resource Access Processing 

Figure 23 shows a flow chart for illustrating a 
resource access processing corresponding to the step 
2202 in Fig. 18. Refen^lng to Fig. 23. the leading 32 bits 
of the identifier received as the argument of the system 
call issued by the user application are extracted to 
thereby define the resource address while the trailing 32 
bits are extracted for defining the generation identifying 
information SI (step 2700). Subsequently, the leading 
32 bits are read out from the resource on the basis of 
the resource address to define the generation identify- 
ing Information S2, i.e.. "read_mem" Information (step 
2701). whereon the generation identifying information 
SI and 82 as extracted are compared with each other 
(step 2702). Unless the comparison results in coinci- 
dence, the access to the resource is not performed, and 
an error message is returned (step 2703). On the other 
hand, when the above comparison results In coinci- 
dence, then the access processing to the resource Is 
performed (step 2704). 

§2.3. Resource Deallocation Processing 

Figure 24 is a flow chart for illustrating a resource 
deallocation processing. 

Similarly to the resource access processing (step 
2202 shown in Fig. 18), in the resource deallocation 
processing (step 2203 shown in Fig. 18), the leading 32 
bits of the identifier received as the argument of the sys- 
tem call issued by the user application are extracted to 
define the resource address while the trailing 32 bits are 



extracted for defining the generation identifying informa- 
tion S1 (step 2800). Subsequently, the leading 32 bits 
are read out from the resource to define the generation 
identifying information 82 "read_mem" processing (step 
2801). Then, the generation identifying information SI 
and S2 mentioned above are compared with each other 
(step 2802). Unless the comparison results in coinci- 
dence, the resource is not deallocated and a corre- 
sponding error message is returned (step 2803). On the 
other hand, when the above comparison results in coin- 
cidence, then the resource deallocation processing is 
performed (step 2804). 

By virtue of the methods described above, there 
can be obtained advantageous effects mentioned 
below. 

(1) As is obvious from the description concerning 
the resource access processing (§2.2.), the 
address for accessing the resource is contained in 
the identifier which is the argument of the system 
call issued by the user application to the operating 
system. Thus, it is possible to make access to the 
resource by using the identifier in place of using the 
hash function for the translation between the identi- 
fier and the address. Consequently, overhead 
involved by the use of the hash function can be 
diminished. 

(2) Let's suppose that a process A and a process B 
share a resource and that the process A has issued 
a system call for deallocating the resource X. In that 
case, in the conventional system, the operating sys- 
tem searches the Identifiers contained in the 
resource management data by following the point- 
ers, starting from the index derived by using the 
hash function to thereby determine the address of 
the resource to be deallocated. Further, other proc- 
esses sharing the resource X is searched to 
release all the process management data as found 
and issue a message indicating that the resource X 
is invalid. In the meantime, the operating system 
inhibits or disables all the accesses to the shared 
resource from the user applications. 

By contrast, according to the methods of the 
invention, the address of the resource can be 
obtained for unlocking the resource without need 
for following the pointers for acquiring the address 
of the resource because the address has already 
been contained in the identifier of the resource X to 
be deallocated. Additionally, it is apparent from the 
previous description concerning the resource deal- 
location processing (§2.3.), the operating system 
controls or manage tiie resource access right on 
the basis of only the result of comparison between 
the generation identifying Information 31 contained 
In the identifier assigned to the resource X and the 
generation identifying information S2 stored in the 
leading of the resource X. Thus, the task imposed 
on the operating system is only the deallocation of 
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the resource X. 

In this manner, the duration of the state in 
which the access to the resource is disabled and 
which makes appearance between the successive 
process completion processings can be reduced to s 
only the time involved in deallocating the resource 
X. 

(3) In conjunction with the resource deallocation 
processing described above, it is again assumed 
that a process C generates a resource Y and alio- io 
cates the created resource Y to the address having 
been allocated to the resource X in the state in 
which the resource X is deallocated or released. In 
that case, the operating system issues to the proc- 
ess B no information or message indicating that the is 
resource X has been deallocated. Consequently, 
there may arise such situation that the process B 
tries to make access to the resource Y on the basis 
of the address information contained In the identi- 
fier of the process B. However, because the identi- 20 
fier contains not only the address information but 
also the generation identifying information and 
because the generation identifying information is 
different between the identifier assigned to the 
resource X and the identifier assigned to the 25 
resource Y. the process B trying to make access to 
the resource Y with its own identifier can not access 
the resource Y In this manner, the illegal access 
can be positively inhibited or disabled. 

30 

§3. Other Embodiments 

Many features and advantages of the present 
invention are apparent form the detailed description and 
thus it is intended by the appended claims to cover all 35 
such features and advantages of the system which fall 
within the true spirit and scope of the invention. Further, 
since numerous modifications and combinations will 
readily occur to those skilled in the art, it is not intended 
to limit the invention to the construction and operation 40 
illustrated and described. Accordingly all suitable modi- 
fications and equivalents may be resorted to, falling 
within the spirit and scope of the invention. Modifica- 
tions of the embodiments described above will be men- 
tioned below. 45 

§3.1. System Utilizing System Clock 

Upon starting-up of the system, a 32-bit system 
clock is generated for holding the time as lapsed on a so 
^0^\l second basis. 

When a resource is created, the value of the sys- 
tem clock is fetched as the generation identifying infor- 
mation which is then stored at a leading address of the 
resource. An identifier of 64 bits is created which is ss 
composed of 32 MSB (more significant bits] corre- 
sponding to the address of the resource and 32 LSB 
(less significant bits) corresponding to the generation 



identifying information. 

For making access to the resource, the generation 
identifying information is extracted from the identifier 
transferred as the argument of the system call from the 
user application to the operating system, whereon the 
extracted generation identifying information is com- 
pared with the generaton identifying information stored 
at the leading or starting address of the resource. When 
this comparison results in coincidence, the access to 
the resource is enabled, i.e.. allowed. On the contrary, 
when the comparison shows discrepancy the access to 
the resource is disabled or inhibited with an error mes- 
sage being returned. 

§3.2. System Utilizing Counter 

When the system is activated, a single 32-bit coun- 
ter is generated in the system for counting the number 
of times which resources are generated, and an initial 
value "0" is inputted to the counter as the generation 
identifying information. 

Upon creation of a resource, the above-mentioned 
generation identifying information is incremented by 
one and stored at the starting or leading address of the 
resource. Subsequently, a 64-bit identifier is created 
which includes more significant 32 bits corresponding to 
the address of the resource and less significant 32 bits 
corresponding to the generation identifying information. 

For accessing the resource, the resource access 
processing is performed by using the iderttifier men- 
tioned above similarly to the processing described in the 
section §3.1.. 

Further, the resource accessing methods described 
atx)ve by reference to Figs. 17A to 23 allow to structure 
a safe system which inhibits or disables the invalid 
access to the shared resource by applying the access- 
ing method to the processing steps 1302 and 1306 
shown in Fig. 7. This shared resource accessing 
method will be described below. 

For the shared resource allocation, the processing 
illustrated in Fig. 19 is executed for effecting the shared 
resource allocation. At that time, the identifier assigned 
to the shared resource is held to check the validity of the 
shared resource by using this identifier upon access to 
the shared resource. 

Next, a shared resource accessing method will be 
described below. 

When the processings 1302 and 1306 shown in 
Fig. 7 are executed for carrying out the shared resource 
access processing, processing illustrated in Fig. 23 is 
executed for validating the access to the shared 
resource. At first, before making access to the shared 
resource, the generation identifying information (602 in 
Fig. 17A) stored in the identifier is compared with the 
generation identifying information (609 in Fig. 17A) of 
the shared resource (step 2702 in Fig. 23). 

When coincidence is found between both the gen- 
eration identifying information, it is then decided that the 
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identifier of the shared resource is valid, i.e., the 
resource address (601 in Fig. 17A) contained in the 
identifier is valid. Accordingly, access is made to the 
shared resource by using the resource address to per- 
form the processing for the shared resource. s 

On the contrary, when discrepancy is found 
between both the generation identifying information 
mentioned above, this means that the identifier of the 
shared resource is invalid. More specifically, assuming, 
by way of example, that discrepancy of the generation io 
identifying information occurs in the processing step 
1306 shown in Fig. 7. this means that the shared 
resource is deallocated for some reason during the 
preempt-enable interval intervening between the 
release of the preempt disabled-state (step 1 303 in Fig. 75 
7) in succession to the completion of the processing 
1302 shown in Fig. 7 and the next preempt disabling 
(step 1305 in Fig. 7). Thus, the address of the resource 
(shared resource) as contained in the identifier is 
invalid. Consequently, the access to the shared 20 
resource is suspended and an error processing (step 
2703 in Fig. 23) is carried out. In the error processing, 
the preempt disabling or inhibition and/or abort disa- 
bling may be cleared as occasion requires. 

Owing to the processing method described above, 25 
deallocating of the shared resource carried out outside 
of the preempt-disabled interval can be detected. 
Besides, the access to the invalid resource which may 
occur in accompanying the above-mentioned shared 
resource deallocating can be prevented for thereby pro- 30 
tecting the resource from being destroyed. In this way, it 
is possible to structure a system capable of processing 
the shared resource with enhanced security even when 
the preempt enable inten/al is set in the shared 
resource processing interval or section. 35 

As will now be appreciated from the foregoing 
description, according to the teachings of the Invention 
disclosed herein, overhead involved in the translation 
between the address and the identifier as well as search 
for checking the presence/absence of the access right 40 
can be reduced with the access performance being cor- 
respondingly enhanced. Besides, the resource-access 
disabled interval or section taking place upon comple- 
tion of the process can be shortened. Additionally, the 
resource can be protected against destruction due to 45 
the illegal access to the resource from the process 
imparted with no resource access right. 

Claims 

50 

1. In a computer system in which a plurality of proc- 
esses can run in parallel, a process executing 
method for executing a given one of said plural 
processes by acquiring one shared resource (608) 
for said given one process, using said shared 55 
resource (608) and deallocating said shared 
resource (608), 

said method comprising the steps of: 



acquiring said shared resource (608) for use by 
said given one process after disabling abortion 
and preemption of said given one process; 
clearing said given one process from preempt- 
disabled state and disabling preemption of said 
given one process after processing for said 
shared resource; 

clearing said given one process from the 
preempt-disabled state as well as from the 
abort-disabled state after said shared resource 
has been deallocated from the use by said 
given one process; and 

executing a forcive termination request issued 
for said given one process during a period in 
which said given one process has been in the 
abort-disabled state. 

2. A process executing method according to daim 1 , 

wherein a queue for registering those proc- 
esses issued respective requests is provided for 
use of said shared resource (608). 

said method further comprising the step of: 

executing in a multiprocessing environment a 
leading one of the processes registered in said 
queue and issued respective requests for use 
of said shared resource (608); and 
driving periodically processing relating to said 
process after completion of execution thereof 
and executing serially the processes registered 
in said queue. 

3. A method of accessing a single resource in an 
operating system, comprising the steps of: 

assigning to a resource (608) an identifier (600) 
composed of address information (601) and 
generation identifying information (602) of said 
resource (608) upon generation thereof; 
storing said generation identifying information 
(609) at a leading location of said resource 
(608); 

extracting generation identifying information 
(602) from an identifier (600) transferred as an 
argument of a system call issued by one user 
application for accessing said resource (608); 
comparing the extracted generation identifying 
information (602) with generation identifying 
information (609) stored in said resource (608) 
at a leading location thereof; and 
enabling access to the resource (608) when 
coincidence is found between said generation 
identifying information (602 and 609) while dis- 
abling access to said resource (608) when dis- 
crepancy is found between said generation 
identifying information (602 and 609), 

4. An accessing metiiod according to claim 3, 
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wherein said generation identifying informa- 
tion is a piece of information concerning a time said 
resource was generated. 

An accessing method according to claim 3, wherein s 

said operating system includes only one coun- 
ter (603). and 

said method further comprises the steps of: 
incrementing a counter value (604) of said io 
counter (603) by one upon generation of a 
resource and using said counter value (604) as 
said generation identifying information (605). 
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